DOS attacks
#3
Scooby Regular
Join Date: Sep 2001
Location: Kingston ( Surrey, not Jamaica )
Posts: 4,670
Likes: 0
Received 0 Likes
on
0 Posts
DOS = Denial Of Service
Not really anything out of the ordinary today apart from a flood of port 80 requests from :
200.95.2.186 (dsl-200-95-2-186.prodigy.net.mx) at around 10pm
and a portscan from 209.123.49.142 about 6pm
other than that it's just the usual 100's of attempts on Netbios ports....
Steve
Not really anything out of the ordinary today apart from a flood of port 80 requests from :
200.95.2.186 (dsl-200-95-2-186.prodigy.net.mx) at around 10pm
and a portscan from 209.123.49.142 about 6pm
other than that it's just the usual 100's of attempts on Netbios ports....
Steve
#4
Scooby Senior
Join Date: Aug 2002
Location: 52 Festive Road
Posts: 28,311
Likes: 0
Received 0 Likes
on
0 Posts
We get about 10 every day from various geeks across the planet. Our firewalls just drop the connections so we can't be arsed to do anything about them anymore
#5
Scooby Regular
Thread Starter
Join Date: Apr 1999
Location: Bore Knee Muff
Posts: 3,666
Likes: 0
Received 0 Likes
on
0 Posts
Yes we get the usual attacks but yesterday was wierd.
None of our firewalls indicated anything out of the ordinary.
The firewall in question looked like it was fine but no traffic was getting through to the DMZ.
All bandwidth monitors reported nothing odd.
Some parts of the network were uneffected so the router/line was OK.
The only time we have seen something like this before was the time we had problems prior to the SQL slammer virus being unleashed. This worm had already infected machine and went off searching for other vulnerable machines on the net. When the real worm was released the servers all said they were using 20-30k (when then would all be pulling 300k, some nearly 2mb) but the line was maxed out! Connections were maxing out causing firewalls to restart.
I think we may have been hit by another SQL slammer type worm and the worst is yet to come!!!
[Edited by RichB - 4/4/2003 9:32:51 AM]
None of our firewalls indicated anything out of the ordinary.
The firewall in question looked like it was fine but no traffic was getting through to the DMZ.
All bandwidth monitors reported nothing odd.
Some parts of the network were uneffected so the router/line was OK.
The only time we have seen something like this before was the time we had problems prior to the SQL slammer virus being unleashed. This worm had already infected machine and went off searching for other vulnerable machines on the net. When the real worm was released the servers all said they were using 20-30k (when then would all be pulling 300k, some nearly 2mb) but the line was maxed out! Connections were maxing out causing firewalls to restart.
I think we may have been hit by another SQL slammer type worm and the worst is yet to come!!!
[Edited by RichB - 4/4/2003 9:32:51 AM]
Thread
Thread Starter
Forum
Replies
Last Post